class ApplicationController < ActionController::Base
  session :session_key => '_barleysodas_session_id'
  
  append_before_filter :block_prefetching_links
  append_before_filter :authorized?
  append_before_filter :set_current_people_id
  
  helper_method :logged_in?, :has_permission_for_action?, :per_page
  
  cattr_accessor :current_people_id
  
  ##
  # Ensures that the request was made using an Ajax request.
  #
  def ensure_xhr
    return false unless request.xhr?
    true
  end
  
  ##
  # Determines if the user is logged in.
  #
  def logged_in?
    return !session[:people_title].nil?
  end
  
  ##
  # Determines if a user can access an action.
  #
  def authorized?
    return true if has_permission_for_action?
    respond_to do |format|
      format.html {
        if !logged_in?
          session[:request_url] = request.request_uri
          redirect_to new_session_path
          return
        end
        @content_title = 'Forbidden'
        @secondary_title = ''
        @hide_sidebar = true
        session[:request_url] = nil if !logged_in?
        render :template => 'shared/unauthorized'
      }
      format.xml { render :nothing => true, :status => 403 }
    end
  end
  
  ##
  # Sane error and missing document messages.
  #
  def rescue_action_in_public(exception)
    logger.debug("#{exception.class.name}: #{exception.to_s}")
    exception.backtrace.each { |bt| logger.debug "! #{bt}" }
    case exception
      when ::ActiveRecord::RecordNotFound,
           ::ActionController::UnknownController,
           ::ActionController::UnknownAction,
           ::ActionController::RoutingError
        render :file => File.join(RAILS_ROOT, 'public/404.html'),
          :status => '404 Not Found'
      else
        render :file => File.join(RAILS_ROOT, 'public/500.html'),
          :status => '500 Error'
    end
  end
  
  ##
  # Sets the +@page+ variable to allow discussions. This should probably
  # have some kind of permission availability check later on.
  #
  def allow_page_discussions
    @page.allow_discussions = true
  end
  
  ##
  # This will eventually figure out what the People has configured for a per
  # page limit of objects.
  #
  def per_page
    50
  end
  
  protected
  
  ##
  # Finds an object model for the particular resource requested. This will be
  # used to find any model in the current pattern and maybe even the associated
  # Page model.
  #
  def fetch_model
    # where
    obj_type = params[:controller]
    # what
    tfu = Page.title_from_url(params[:id])
    
    # conditions for find
    cond_ary = [
      'title = :model_title'
    ]
    cond_var = {
      :model_title => tfu,
    }
    cond_ary << 'owner_type IS NULL' if obj_type == 'pages'
    
    # the eventual name of the instance variable, like +@page+
    obj_name = obj_type.singularize
    
    # find the object
    obj = Class.class_eval(obj_name.camelize).find(:first,
      :conditions => [ cond_ary.join(' AND '), cond_var ])
    
    # allow the chance to make a new one if you GET the URL, but not for Style
    if request.get? and obj.nil? and obj_type != 'styles'
      flash[:notice] =
        "The #{obj_name} was not found, would you like to make it?"
      redirect_to :action => 'new', :new_title => tfu
      return
    elsif obj.nil?
      # fail if not found
      raise ActiveRecord::RecordNotFound.new
    end
    # set the class variable
    instance_variable_set("@#{obj_name}", obj)
    # set the associated page if necessary
    @page = obj.page if obj.respond_to?('page')
    true
  end
  
  ##
  # Log the error and mail it out if the request is not a local request.
  # Usually only used in production mode.
  #
  def log_error(exception)
    super(exception)
    begin
      unless local_request? or RAILS_ENV == 'development' or
        exception.class == ActiveRecord::RecordNotFound
        ErrorMailer.deliver_snapshot(exception, clean_backtrace(exception),
          session.instance_variable_get("@data"), params, request.env)
      end
    rescue => e
      logger.info e.to_s
    end
  end
  
  private
  
  ##
  # Stops all prefetching by the Google web accelerator by returning a 403
  # forbidden error.
  #
  # Original Copyright:
  # Copyright (c) 2005 David Heinemeier Hansson
  #
  # Permission is hereby granted, free of charge, to any person obtaining
  # a copy of this software and associated documentation files (the
  # "Software"), to deal in the Software without restriction, including
  # without limitation the rights to use, copy, modify, merge, publish,
  # distribute, sublicense, and/or sell copies of the Software, and to
  # permit persons to whom the Software is furnished to do so, subject to
  # the following conditions:
  #
  # The above copyright notice and this permission notice shall be
  # included in all copies or substantial portions of the Software.
  #
  # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  #
  def block_prefetching_links
    if request.env["HTTP_X_MOZ"] == "prefetch"
      render :nothing => true, :status => "403 Forbidden"
      return false
    end
  end
  
  ##
  # Finds a People Permission models and determines if the People has access
  # to a particular aspect of the system. Also finds the Guest user and checks
  # for the Guest Role.
  #
  def has_permission_for_action?(aname = nil, cname = nil)
    role = nil
    aname ||= params[:action]
    cname ||= params[:controller]
    aname = aname.to_s
    cname = cname.to_s
    if logged_in?
      role = People.find(session[:people_id]).role rescue nil
    end
    role ||= Role.base_role
    while role
      return true if role.permissions.detect do |p|
        p.controller.to_s == cname and p.action.to_s == aname
      end
      role = role.parent
    end
    false
  end
  
  ##
  # Sets a class accessor for the current People.
  #
  def set_current_people_id
    self.current_people_id = session[:people_id]
  end
end